Help
Join the Community
-
Documentation
Find detailed info about ServiceNow products, apps, features, and releases.
-
Impact
Drive a faster ROI and amplify your expertise with ServiceNow Impact.
-
Partner
Grow your business with promotions, news, and marketing tools for partners.
-
Store
Download certified apps and integrations that complement ServiceNow.
Authentication Clock Skew | Playbook Use Case KB Number: KB0639127
Overview
The number in seconds before notBefore constraint, or after notOnOrAfter constraint, to consider whether it is still valid. Update the SAML property glide.authenticate.sso.saml2.clockskew to a larger value with a default of 60 seconds. Some cases require a setting of 300 or higher. If the identity provider server is connected to a time sync server its time should not be out of sync. The customer’s network team will need to resolve this issue.
PORTUGUÊS
Os segundos antes de notBefore constraint, ou depois notOnOrAfter constraint, para considerar se ainda é válido. Atualize a propriedade SAML glide.authenticate.sso.saml2.clockskew para um valor maior com um padrão de 60 segundos.
Alguns casos exigem uma configuração de 300 ou superior. Se o servidor do provedor de identidade estiver conectado a um servidor de sincronização de horário, seu horário não deverá estar fora de sincronia. A equipe de rede do cliente precisará resolver esse problema.
Symptom / Alert - Sintoma
SAML2: Could not validate SAMLResponse: no thrown error
Could not validate SAMLResponse
SAML2: SAML2ValidationError: Assertion is valid in the future, 2018-09-12T03:37:30.798-07:00, notBefore: 2018-09-12T10:42:03.145Z: no thrown error
logou succeeded
Solution / Solução:
- For Multi-Provider SSO plugin
- Navigate to Multi-Provider SSO > Identity Providers
- Open the identity provider record that is receiving the clock skew
- Update the Clock Skew field with the delta value calculated + 20
- For the SAML 2 – Update 1 – Security Enhancements plugin
- Navigate to the sys_properties table, sys_properties.LIST
- Search for the following system property name glide.authenticate.sso.saml2.clockskew
- Update the Clock Skew field with the delta value you calculate + 20
==============================================================================
01. Navigate to the sys_properties table, sys_properties.LIST
Navegue nas propriedades, digite no filtro, , sys_properties.LIS
T
02. Search for property name glide.authenticate.sso.saml2.clockskew
Procure perla propriedade glide.authenticate.sso.saml2.clockskew
03. Update the Clock Skew field with the delta value calculated + 20
Atualize o Clock Skew com uma diferença calculada para um delta de + 20.
https://<instance name>.service-now.com/nav_to.do?uri=%2Fsys_properties.do%3Fsys_id%3D056a1d121b00200000009141be071356%26sysparm_record_target%3Dsys_properties%26sysparm_record_row%3D1%26sysparm_record_rows%3D1%26sysparm_record_list%3DnameSTARTSWITHglide.authenticate.sso.saml2.clockskew%255EORDERBYname
==============================================================================
==============================================================================
01. Navigate to Multi-Provider SSO > Identity Providers
Navegue em:
02.
Selecione seu provedor
03. Advanced TAB > Clock Skew
